How to Defend Against Keyloggers That Are after Your Bitcoins

Malware that records your keystrokes and sends them back to the attacker, referred to as a keylogger, is a significant threat to your stash of bitcoins. These nearly undetectable programs could be running on your computer or smartphone right now, copying every password, seed, and PIN you type. Once that data reaches the attacker, it may be all too easy for them to gain full access to your bitcoin wallets.

Bitcoin.com talked with Magni Sigurdsson, threat researcher at Cyren, to learn more about how to protect bitcoin wallets from this threat.

Cyren is a cloud-based, Internet security technology company providing threat detection and security analytics to software and hardware vendors, service providers and value-added resellers (VARs). Its solutions are “relied upon by many of the world’s largest technology companies such as Dell, Google, McAfee and Microsoft”, according to the company’s website. Its cloud security platform processes over 17 billion daily transactions. The company protects over 600 million users.

Threat to Bitcoin Wallets

Bitcoin.com (BC): How often are computers infected with keylogger malware that can steal bitcoin wallets?

Cyren (C): Malware that steals cryptocurrency wallets has been around since 2012. In 2013 there was a massive spike in this type of malware and it’s hard to say how many infections there have been, but:

We estimate that there are hundreds of different types of cryptocurrency malware out there.

They are all after the same thing – the wallet, crypto addresses (Bitcoin address) and the password that protects the wallet. But the difference is how they do it and on what platform.

Common Ways to Get Infected

BC: How many different ways are there to get infected?

C: There are several ways to get infected.

The most common one would be from an email with an attachment. The attachment can be in many different forms, for example an Office document, PDF, JavaScript, or just an executable. Usually the email is a fake invoice from banks or delivery companies or something similar.

We then have the classic USB stick delivery method where the malware author drops USB sticks with the malware across the city or near an office building that he is targeting. When a victim picks it up to check what’s on the drive, he gets infected by an autorun script on the USB stick.

Drive-by-downloads are also popular where the victim may accidentally visit a malicious web page that automatically downloads the malware. Malicious links or attachments via social media are also very popular these days.

Mobile Operating System

BC: Is the mobile operating system safer than a desktop PC?

C: The mobile operating system should be safer if the user sticks to the Google Play Store/iOS App Store and is not installing apps from unknown sources.

There was malware on Android that exploited a bug in the Android system to steal information from bitcoin wallets in 2013, but that has been fixed since then.

The most common mobile malware regarding cryptocurrency was to have a legitimate looking app, for example a flashlight app that was mining cryptocurrency in the background without the user knowing.

Android and iOS are pretty strict on the keylogging so it’s easier to exploit the desktop PC.

How to Check for Keyloggers

BC: How can we check if we are being keylogged?

C: For Windows users: Check which processes are running, using, for example, Task Manager, and look for something out of the ordinary.

Examining the outgoing network traffic from the PC is also effective. Look for strange outgoing connections.
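The two checks above (odd processes, strange outbound connections) can be scripted so they are correlated rather than eyeballed separately. The following is an added example, not Cyren's tooling or anything from the interview: it parses constructed lines in the layout of `netstat -ano` on Windows together with a constructed process inventory of (PID, image name, image path), and reports processes that run from a scratch directory, whose name mimics a Windows system binary with digit substitutions, or that hold outbound sessions from outside the standard install directories. The IP addresses, PIDs and file names are all made up; on a live host you would feed in the real command output.

```python
"""Correlate a process inventory with outbound connections (added example).

Assumptions (not from the article): the process list is a sequence of
(pid, name, path) tuples, and connection data is text in `netstat -ano`
layout.  Everything below is constructed sample data.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed process inventory: (pid, image name, full path).
SAMPLE_PROCESSES = [
    (4, "System", ""),
    (812, "explorer.exe", r"C:\Windows\explorer.exe"),
    (1504, "chrome.exe", r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
    (4321, "svch0st.exe", r"C:\Users\alice\AppData\Local\Temp\svch0st.exe"),
    (2210, "OneDrive.exe", r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe"),
]

# Constructed `netstat -ano` style output.  The 203.0.113.x / 198.51.100.x
# addresses are documentation ranges standing in for real internet hosts.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:51234     203.0.113.7:443        ESTABLISHED     4321
  TCP    192.168.1.10:51240     192.168.1.20:445       ESTABLISHED     1504
  TCP    192.168.1.10:51251     198.51.100.22:8080     ESTABLISHED     4321
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  UDP    192.168.1.10:63011     *:*                                    2210
"""

# Proto, local, foreign, optional state (absent for UDP), PID.
NETSTAT_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")

# Address ranges treated as "inside the network"; anything else is external.
# (Listed explicitly because ipaddress.is_private also covers the
# documentation ranges used in the sample data.)
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "0.0.0.0/8", "::1/128", "fe80::/10", "fc00::/7")]

STANDARD_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
SCRATCH_DIRS = ("\\appdata\\local\\temp\\", "\\downloads\\", "c:\\users\\public\\", "\\$recycle.bin\\")
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "explorer.exe",
                   "winlogon.exe", "services.exe", "wininit.exe"}
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


@dataclass
class Finding:
    pid: int
    name: str
    path: str
    remotes: list   # external endpoints this PID is connected to
    reasons: list   # why the process deserves a look


def parse_netstat(text):
    """Return (proto, local, foreign, state, pid) rows; header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = NETSTAT_RE.match(line)
        if m:
            proto, local, foreign, state, pid = m.groups()
            rows.append((proto, local, foreign, state or "", int(pid)))
    return rows


def remote_is_external(endpoint):
    """True if 'host:port' points outside LOCAL_NETS; '*:*' and names are not classifiable."""
    host = endpoint.rpartition(":")[0].strip("[]")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return not any(ip in net for net in LOCAL_NETS)


def looks_like_system_binary(name):
    """Flag names such as svch0st.exe that equal a system binary after de-homoglyphing."""
    n = name.lower()
    return n not in SYSTEM_BINARIES and n.translate(HOMOGLYPHS) in SYSTEM_BINARIES


def triage(processes, netstat_text):
    """Cross-reference processes with established external TCP sessions."""
    external = {}
    for proto, _local, foreign, state, pid in parse_netstat(netstat_text):
        if proto == "TCP" and state == "ESTABLISHED" and remote_is_external(foreign):
            external.setdefault(pid, []).append(foreign)

    findings = []
    for pid, name, path in processes:
        p = path.lower()
        reasons = []
        if any(s in p for s in SCRATCH_DIRS):
            reasons.append("image runs from a scratch/download directory")
        if looks_like_system_binary(name):
            reasons.append("name mimics a Windows system binary")
        remotes = external.get(pid, [])
        # An outbound session on its own is normal; from a non-standard location it is not.
        if remotes and p and not p.startswith(STANDARD_DIRS):
            reasons.append("outbound sessions from a non-standard location: " + ", ".join(remotes))
        if reasons:
            findings.append(Finding(pid, name, path, remotes, reasons))
    findings.sort(key=lambda f: len(f.reasons), reverse=True)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_PROCESSES, SAMPLE_NETSTAT):
        print(f"PID {f.pid} {f.name} ({f.path})")
        for r in f.reasons:
            print("   -", r)
```

The heuristics are deliberately conservative: a browser in Program Files talking to the internet produces no finding, and an updater living under AppData without open sessions produces none either, so what remains is the combination the interview describes, an unfamiliar executable in a throwaway location that is also sending data out. Each reason is a pointer for a human to verify, not a verdict.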

Preventing Infection

BC: How do we prevent being infected with keylogger malware?

C: Obviously do not open strange attachments or click links from emails that you are unsure about. Always check who’s the sender by checking the email address, and if you are not expecting this document or attachment to be sent to you, then make sure you have someone with the proper knowledge to check it before exploring it further. Evidently, relying on users to police their email is a strategy which will have at best limited success.

Standard advice is also always to have anti-virus software on your PC which is up to date, but it’s known that traditional antivirus software recognizes less than half of malware attacks.

Moreover, there can be quite a bit of latency from the time an endpoint anti-virus provider detects something to the time any black list is updated. So relying on user behavior and local anti-virus software is problematic. A better strategy is to use a first-rate secure email gateway which will detect and block delivery of the attachment in the first place. Also use a secure web gateway for internet traffic which inspects outbound connections, preventing the transmission of the data captured, even if infection happens. Make sure to install the latest operating system updates.

Removing Keyloggers

BC: What is the best way to get rid of keylogger malware?

C: First of all, scan the computer with an Anti-virus program that is up to date and see if it is able to remove the keylogger.

Open the task manager or activity monitor, depending on the operating system, and make sure every process that is running is safe and not malicious. If you find a process that is a keylogger, then make sure you remove it from the folder it starts up in, the registry, and any other places that it might be in. Search for the process name on the internet and if it’s a common one you will be able to find instructions on how to remove it.

After removing the keylogger it is good to reboot the system and monitor the process to see that it is not starting up and that it has been completely removed from the system.

Have any of your devices been infected by keylogger malware? Let us know in the comments section below.

Images courtesy of Shutterstock, Cyren, Android, Apple, and Microsoft
